Contact

Data protection notice

§ 1 Preamble

The following provisions are intended to provide information on the processing of personal data in accordance with the requirements of the GDPR, in particular taking into account the information obligations under Articles 12 to 14 GDPR and to provide information on the rights of data subjects under the GDPR in accordance with Articles 15 to 22 and Article 34 GDPR.

§ 2 Explanation of terms/definitions

(1) “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

(2) “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

(3) “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

(4) “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

(5) “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

(6) “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(7) “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

(8) “Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

§ 3 General Data Protection Regulation

The full text of the General Data Protection Regulation is available online at http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE. If you have any further questions about the General Data Protection Regulation, you can contact the Data Protection Officer at any time.

§ 4 Information on the controller

“Controller” for the data processing:

Juliane Schmidt

Hauptstraße 8
27211 Bassum/Neubruchhausen

Phone: 0152 – 24 56 91 90

E-mail: [email protected]
Homepage: juliane-schmidt.com

§ 5 Supervisory authority

State Commissioner for Data Protection of Lower Saxony  

Mr Denis Lehmkemper

Prinzenstrasse 5

30159 Hanover

Phone: 0511 / 120 – 4500

Email: [email protected]

Homepage: www.lfd.niedersachsen.de

§ 6 Information on data collection, processing and use

I generally only process your personal data in order to provide and improve the services I offer you. The purposes of data processing include

  • Carrying out an anamnesis
  • Creation of a diagnosis
  • Submission of therapy proposals
  • Carrying out the therapy
  • Realisation of coaching sessions
  • Realisation of seminars

 

I will only process your personal data if I have a legal basis for doing so. The legal basis is based on the purposes for which I have collected and need to use your personal data (see Art. 6 (1) GDPR).

In most cases, I need your personal data in order to conclude a treatment or coaching contract with you.

I may also process your personal data for one or more of the following reasons:

  • To comply with a legal obligation;
  • To protect your vital interests or those of another person (e.g. in a medical emergency);
  • It is in our legitimate interest (e.g. for administrative purposes)

 

I will not retain your data for longer than is necessary for the purpose for which it is processed. To determine the appropriate retention period, I consider the amount, nature and sensitivity of the personal data, the purpose for which I process your personal data and whether I can achieve that purpose by other means.

I must also take into account the periods for which it may be necessary for me to retain your personal data in order to comply with my legal obligations or to deal with complaints and enquiries, as well as to protect my legal rights in the event of a claim being made.

When I no longer need your personal data, I will irretrievably delete or destroy it. I will also consider whether and how I can minimise the personal data I use over time and whether I can anonymise your personal data so that it can no longer be associated with you or identify you. In this case, I may use this information without prior notice to you.

§ 7 Rights of data subjects

As a data subject of data processing, you have the following rights in particular under the General Data Protection Regulation (hereinafter also referred to as “data subject rights”):

(1) You have the right to request information as to whether or not I process personal data relating to you. If I process your personal data, you have the right to information about

  • the purposes of processing;
  • the categories of personal data (type of data) that are processed;
  • the recipients or categories of recipients to whom your data has been or will be disclosed; this applies in particular if data has been or will be disclosed to recipients in third countries outside the scope of the GDPR;
  • the planned storage period, if possible; if it is not possible to specify the storage period, the criteria for determining the storage period (e.g. statutory retention periods or similar) must be communicated;
  • their right to rectification and erasure of data concerning them, including the right to restriction of processing and/or the right to object (see also the following sections);
  • the existence of a right of appeal to a supervisory authority;
  • the origin of the data, if personal data was not collected directly from you.

 

You are also entitled to information as to whether your personal data is the subject of an automated decision within the meaning of Art. 22 GDPR. Art. 22 GDPR and, if this is the case, what decision-making criteria such an automated decision is based on (logic) or what effects and scope the automated decision may have for you.

If personal data is transferred to a third country outside the scope of the General Data Protection Regulation, you are entitled to information as to whether and, if so, on the basis of which guarantees an adequate level of protection within the meaning of Art. 45, 46 GDPR is ensured at the data recipient in the third country. Art. 45, 46 GDPR is ensured at the data recipient in the third country.

You have the right to request a copy of your personal data. I always provide copies of data in electronic form, unless you have specified otherwise. The first copy is free of charge; a reasonable fee may be charged for further copies. The provision is subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy.

(2) You have the right to demand that I rectify your data if it is incorrect, inaccurate and/or incomplete; the right to rectification includes the right to completion through supplementary declarations or notifications. A correction and/or completion must be made immediately, i.e. without undue delay.

(3) You have the right to demand that I erase your personal data if

  • the personal data are no longer necessary for the purposes for which they were collected and processed;
  • the data processing is based on your consent and you have withdrawn your consent, unless there is another legal basis for the data processing;
  • you have objected to data processing pursuant to Art. 21 GDPR and there are no overriding legitimate grounds for further processing,
  • you have objected to data processing for the purpose of direct marketing pursuant to Art. 21 (2) GDPR;
  • your personal data has been processed unlawfully;
  • it concerns data of a child collected in relation to information society services pursuant to Art. 8 para. 1 GDPR.

 

There is no right to erasure of personal data if

  • the right to freedom of expression and information precludes the request for erasure;
  • the processing of personal data is necessary (i) to fulfil a legal obligation (e.g. statutory retention obligations), (ii) for the performance of public tasks and interests in accordance with Union law and/or the law of the Member States (this also includes interests in the area of public health) or (iii) for archiving and/or research purposes;
  • the personal data are required for the establishment, exercise or defence of legal claims.

 

The deletion must take place immediately – i.e. without culpable delay. If personal data has been made public by me (e.g. on the Internet), I must ensure, as far as technically possible and reasonable, that third party data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.

(4) You have the right to restrict the processing of your personal data in the following cases:

  • If you have disputed the accuracy of your personal data, you can demand that your data not be used for other purposes for the duration of the accuracy check and be restricted in this respect.
  • In the event of unlawful data processing, you can request the restriction of data use in accordance with Art. 18 GDPR instead of data erasure in accordance with Art. 17 para. 1 lit. d GDPR;
  • If you need your personal data for the establishment, exercise or defence of legal claims, but your personal data is otherwise no longer required, you can request that I restrict processing to the aforementioned legal prosecution purposes;
  • If you have objected to data processing in accordance with Art. 21 (1) GDPR and it is not yet clear whether my interests in processing outweigh your interests, you can request that your data not be used for other purposes for the duration of the review and that it be restricted in this respect.

 

Personal data whose processing has been restricted at your request may – subject to storage – only be processed (i) with your consent, (ii) for the establishment, exercise or defence of legal claims, (iii) for the protection of the rights of another natural or legal person, or (iv) for reasons of important public interest. If a processing restriction is lifted, you will be informed of this in advance.

(5) Subject to the following provisions, you have the right to demand that the data concerning you be handed over in a commonly used electronic, machine-readable data format. The right to data portability includes the right to transmit the data to another controller; on request, I will therefore – where technically possible – transmit data directly to a controller named or to be named by you. The right to data portability exists only for data provided by you and requires that the processing is based on consent or for the performance of a contract and is carried out by automated means. The right to data portability pursuant to Art. 20 GDPR does not affect the right to data erasure pursuant to Art. 17 GDPR. The data transfer is subject to the rights and freedoms of other persons whose rights may be affected by the data transfer.

(6) In the case of processing of personal data for the performance of tasks carried out in the public interest (Art. 6 para. 1 lit. e GDPR) or to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR), you can object to the processing of your personal data at any time with effect for the future. In the event of an objection, I must refrain from any further processing of your data for the aforementioned purposes, unless

  • there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or
  • the processing is necessary for the establishment, exercise or defence of legal claims.

 

You can object to the use of your data for the purpose of direct advertising at any time with effect for the future; this also applies to profiling insofar as it is associated with direct advertising. In the event of an objection, I must refrain from any further processing of your data for the purpose of direct advertising.

(7) Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. This does not apply if the automated

  • is necessary for the conclusion or fulfilment of a contract with you,
  • is authorised by Union or Member State law, provided that such law contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
  • with your express consent.

 

Decisions based solely on automated processing of special categories of personal data are generally not permitted unless Art. 22 para. 4 in conjunction with Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as the legitimate interests of your person.

(8) I will inform you immediately of any data protection violations that may result in a high risk to your personal rights and freedoms; the information may be omitted in cases of Art. 34 para. 3 GDPR. As part of the notification, I will provide you with the following information in particular:

  • Description of the data breach,
  • Name and contact details of the data protection officer or other contact point for further information,
  • Description of the likely consequences of the data breach,
  • A description of the measures I have taken or propose to take to address the data breach, including measures to mitigate any adverse effects.

 

(9) To exercise your rights as a data subject, please contact the office named under § 5. Enquiries that are submitted electronically will generally be answered electronically, unless you have specified otherwise in your enquiry.

The information, notifications and measures to be provided in accordance with the GDPR, including the exercise of data subject rights, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests am I authorised to charge an appropriate fee for processing or to refrain from taking action (Art. 12 (5) GDPR).

If there are reasonable doubts about your identity, I am entitled to request additional information from you for the purpose of identification, if necessary. If I am unable to identify you, I am entitled to refuse to process your enquiry. I will inform you separately – as far as possible – if I am unable to identify you. (Art. 12 para. 6, Art. 11 GDPR).

As a rule, requests for information will be processed immediately, within one month of receipt of the request. The deadline may be extended by a further two months if this is necessary in view of the complexity and/or number of requests; in the event of an extension of the deadline, I will inform you within one month of receipt of your request, stating the reasons for the delay. If I do not act on a request, I will inform you immediately within one month of receipt of the request, stating the reasons for this and informing you of the possibility of lodging a complaint with a supervisory authority or seeking a judicial remedy . (Art. 12 para. 3 and para. 4 GDPR).

Please note that you can only exercise your rights as a data subject within the framework of any restrictions and limitations provided for by the Union or the Member States. (Art. 23 GDPR).

(10) If I have disclosed personal data to other bodies or recipients, I am obliged, as far as technically possible and reasonable, to notify the recipients of the data of any rectification, erasure and/or restriction of processing. Upon request, I will inform you about the respective recipients of the data.

§ 8 Use of the website

(1) When you access my website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the website content requested by you and is mandatory when using the Internet.

(2) If you contact me by e-mail or contact form, the information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions.

Personal data is collected by me if and insofar as you voluntarily provide me with this data when contacting me, e.g. by contact form or e-mail.

The data you provide will only be used to process your enquiries and for possible follow-up questions and for any contract fulfilment and contract processing

Once the contract has been fully processed, your data will of course be blocked for further use.

After expiry of the retention periods under tax and commercial law, your data will be deleted by me, unless you have expressly consented to further use of your data or I reserve the right to use data beyond this, which is permitted by law and about which I will inform you below.

§ 9 Data transmission

(1) The transfer of personal data to third parties is only permitted on the basis of legal authorisation or the consent of the data subject.

(2) If the recipient of personal data is located outside the European Union or the European Economic Area, special measures must be taken to protect the rights and interests of data subjects. The transfer of data shall be omitted if the receiving organisation does not have an adequate level of data protection or if it cannot be established, for example, by means of special contractual clauses.

§ 10 Adaptation of the privacy policy

I reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to my services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

§ 11 Legal protection options

In the event of complaints, you can contact the competent supervisory authority of the Union or the Member States at any time. The supervisory authority named in § 5 (above) is responsible for me.

Links

Blog

Quaestio – why do good questions reduce stress?
My balance, please – how do I become healthy?
Flipping a coin – why does this lead to better decisions?

Downloads

Medical History Form
Emotion wheel

Contact

Hauptstraße 8
27211 Bassum /
Neubruchhausen
0152 24 56 91 90
[email protected]